Can I make one other (possibly stupid) suggestion?

If I understand correctly ...

Can you perhaps have TWO ip addresses on the destination systems? Alias the one on top of the other?

Then
DNAT from inbound interface A to target ip A
DNAT from inbound interface B to target ip B

and the unDNAT would handle more accurately? (Or am I utterly off the wall here) and the reply from the target system to the firewall would not necessarily come BACK from the ip it was sent to?

On October 15, 2003 08:23 am, Gaby Schilders wrote:
> idea. I will check if this works. Is the conmark retained on all packets
> associated with the connection?

--
Alistair Tonner
nerdnet.ca
Senior Systems Analyst - RSS

Any sufficiently advanced technology will have the appearance of magic.
Let's get magical!